diff options
| author | beck <> | 2016-11-04 05:13:13 +0000 |
|---|---|---|
| committer | beck <> | 2016-11-04 05:13:13 +0000 |
| commit | 75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60 (patch) | |
| tree | beb66ed0e210e9dcdda1ae81df9eaf1ac13b84b6 /src/lib/libtls/tls_config.c | |
| parent | 634ebace8103bf766f556cfe3aefdcdc5974a402 (diff) | |
| download | openbsd-75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60.tar.gz openbsd-75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60.tar.bz2 openbsd-75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60.zip | |
Add ocsp_require_stapling config option for tls - allows a connection
to indicate that it requires the peer to provide a stapled OCSP response
with the handshake. Provide a "-T muststaple" for nc that uses it.
ok jsing@, guenther@
Diffstat (limited to 'src/lib/libtls/tls_config.c')
| -rw-r--r-- | src/lib/libtls/tls_config.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index c07621acaf..5c73c29d65 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_config.c,v 1.28 2016/08/22 14:55:59 jsing Exp $ */ | 1 | /* $OpenBSD: tls_config.c,v 1.29 2016/11/04 05:13:13 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -621,6 +621,12 @@ tls_config_verify(struct tls_config *config) | |||
| 621 | } | 621 | } |
| 622 | 622 | ||
| 623 | void | 623 | void |
| 624 | tls_config_ocsp_require_stapling(struct tls_config *config) | ||
| 625 | { | ||
| 626 | config->ocsp_require_stapling = 1; | ||
| 627 | } | ||
| 628 | |||
| 629 | void | ||
| 624 | tls_config_verify_client(struct tls_config *config) | 630 | tls_config_verify_client(struct tls_config *config) |
| 625 | { | 631 | { |
| 626 | config->verify_client = 1; | 632 | config->verify_client = 1; |